At Box, we understand how crucial your content is, and we are committed to ensuring its security. 
Multi-factor authentication (MFA) is one of the most powerful tools available to admins for verifying user identity and securing access to content. MFA is a security mechanism in which users must provide two or more pieces of evidence, or factors, before being granted access to a product or service, such as Box.
If your organization does not use single sign-on (SSO) for authentication, Box allows users to set up two-factor authentication (2FA) for their accounts. The first factor is a password, and the second factor is a one-time password (OTP). You can choose from authenticator apps, SMS, or email for the second factor.
SMS 
- A short message service, the text messaging you use on your phone, and receives one-time passwords created from a secure random generator.
🔴 Authenticator apps 🔐🔢
- Generate unique one-time passwords (OTPs) using algorithms, with each password expiring after a short period. Box’s two-factor authentication (2FA) supports apps that comply with the TOTP (time-based one-time password) algorithm, which is defined by the Internet Engineering Task Force specification, IETF-6238. Common TOTP-compliant apps include Google Authenticator, Microsoft Authenticator, Authy, Duo, and LastPass. However, your administrator may require the use of a specific TOTP-compliant authenticator app.
Email 📩
- Similar to OTP authentication, sends a code to the user's selected email to access their Box account.This method ties login access to a user's email, preventing access from former users.
Check out the Multi-Factor Authentication Set Up for Your Account article for more details on setting up MFA and how to enable or disable it in your organization.
Related community article about authentication method:
Related support articles: